As for the 'reload protection', I'm not an advocate of using IPs as unique identifiers: it's becoming more and more common for people to be using a proxy of some sort, and while you only see 1 IP, there may be 10s, 100s, or 1000s of people sharing that same IP.

If you must use IPs, then the easiest, efficient way I can think of would be to write the IPs out to a directory as filenames and then use the -M file test operator to help identify which filenames/IPs to delete after a day.

That way, you could check if the IP exists as a file: if it does, do nothing; if it doesn't, increment the counter.